Contrast OSS identifies open-source components through runtime analysis, file system scanning and dependency analysis, and reports the resulting inventory of libraries to Contrast.

Once a library is reported to Contrast, you can access:

  • Library usage analysis to identify whether vulnerable components are actually used by the application

  • Library version identification and guidance on the latest version

  • Comprehensive vulnerability coverage for the identified components

  • Portfolio-wide, real-time reporting of open-source components

To simplify the process and combine open-source analysis with custom code analysis, OSS is integrated into the Contrast platform. Here's what you can do with OSS:

  • Open-source license management: Contrast OSS provides license data tied to each open-source component. This helps you understand and mitigate intellectual property compliance and operational risk.

  • Open-source policy: With OSS, you can set policies that blocklist open-source licenses. If a component with a blocklisted license type is deployed in one of your applications, an alert is triggered. You can also set compliance policies and security policies that enforce version requirements and keep your library usage safe.

  • CLI and dependency tree: The Contrast command line interface (CLI) lets you test source code at the earliest stages of development. The data collected by the Contrast CLI is used to display a dependency tree, which shows the libraries that your application's direct dependencies themselves pull in.
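The value of combining a dependency tree with policy checks is that a blocklisted license or an outdated version is usually not in a library you chose, but in one pulled in transitively by several of your direct dependencies. The following is an added illustration of that idea in Python; it is not Contrast's code, it does not call the Contrast CLI or its API, and the inventory, component names, versions and licenses are all constructed here (the lockfile-like shape of `INVENTORY` is hypothetical).

```python
"""Evaluate a license blocklist and minimum-version policy over a dependency tree.

Added example, not part of Contrast OSS. The inventory below is a constructed,
simplified stand-in for what a dependency scan would produce: each component
maps to its version, its license and the components it depends on.
"""
from collections import defaultdict

# Constructed sample inventory (hypothetical names, versions and licenses).
INVENTORY = {
    "web-app":         {"version": "1.0.0", "license": "Proprietary",
                        "deps": ["http-client", "template-engine"]},
    "http-client":     {"version": "2.3.1", "license": "Apache-2.0", "deps": ["tls-utils"]},
    "tls-utils":       {"version": "0.9.2", "license": "GPL-3.0",    "deps": []},
    "template-engine": {"version": "4.0.0", "license": "MIT",
                        "deps": ["tls-utils", "yaml-parser"]},
    "yaml-parser":     {"version": "1.2.0", "license": "AGPL-3.0",   "deps": []},
}

# Hypothetical policy: licenses that must not ship, and version floors.
BLOCKLISTED_LICENSES = {"GPL-3.0", "AGPL-3.0"}
MIN_VERSIONS = {"tls-utils": "1.0.0"}


def parse_version(version: str) -> tuple:
    """Turn 'MAJOR.MINOR.PATCH' into an int tuple so 1.10.0 sorts above 1.9.9."""
    return tuple(int(part) for part in version.split("."))


def dependency_paths(inventory: dict, root: str) -> dict:
    """Map every transitive dependency of root to the paths (root -> ... -> dep) reaching it.

    A component reached through two parents gets two paths; that is what you need
    when deciding which direct dependency to upgrade or replace. Components on the
    current path are not revisited, so dependency cycles cannot recurse forever.
    """
    paths = defaultdict(list)

    def walk(name: str, path: list) -> None:
        for dep in inventory.get(name, {}).get("deps", []):
            if dep in path:          # cycle guard: dep is already an ancestor
                continue
            dep_path = path + [dep]
            paths[dep].append(dep_path)
            walk(dep, dep_path)

    walk(root, [root])
    return dict(paths)


def evaluate_policy(inventory: dict, root: str, blocklisted: set, min_versions: dict) -> list:
    """Return one finding per violated rule, each carrying the paths that pull the component in."""
    findings = []
    for component, paths in dependency_paths(inventory, root).items():
        entry = inventory.get(component)
        if entry is None:
            # A declared dependency that the scan never resolved is itself a finding:
            # you cannot assess a license or version you do not have.
            findings.append({"component": component, "version": None,
                             "rule": "unresolved-dependency", "paths": paths})
            continue
        if entry["license"] in blocklisted:
            findings.append({"component": component, "version": entry["version"],
                             "rule": "blocklisted-license", "paths": paths})
        floor = min_versions.get(component)
        if floor is not None and parse_version(entry["version"]) < parse_version(floor):
            findings.append({"component": component, "version": entry["version"],
                             "rule": "version-below-minimum", "paths": paths})
    return findings


if __name__ == "__main__":
    for finding in evaluate_policy(INVENTORY, "web-app", BLOCKLISTED_LICENSES, MIN_VERSIONS):
        print(f"{finding['rule']}: {finding['component']} {finding['version']}")
        for path in finding["paths"]:
            print("    via " + " > ".join(path))
```

Run against the constructed inventory, `tls-utils` is flagged twice (blocklisted license and version below the floor) and shows up through both `http-client` and `template-engine`, which tells you that upgrading only one of those direct dependencies would not clear the finding; `yaml-parser` is flagged once for its license.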